Out-of-bounds memory read vulnerability in multiple Adobe products (CNVD-2018-05019)
Acrobat DC Continuous Track and others are products of Adobe, a company based in the United States of America. Acrobat DC Continuous Track is the continuously updated desktop version of the PDF solution. Reader DC Continuous Track is the continuously updated version of the PDF reading tool. Reader DC...
Qemu: qemu-nbd crashes due to undefined I/O coroutine
An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to...
Controlling Citrix Workspace app Refresh Time
Note: This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team. Citrix Workspace app periodically refreshes the resources from the server. By default, periodic refresh happens every 60 minutes after th...
UBUNTU-CVE-2017-17459
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
Inedo Otter Denial of Service Vulnerability
Inedo Otter is a set of server monitoring and configuration software from Inedo, USA. The software displays the configuration status of the target server by providing a dynamic, visual interface. A security vulnerability exists in Inedo Otter 1.7.4 and earlier versions where the vulnerable progra...
CVE-2017-17086
Inedo Otter through 1.7.4 mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor...
SUSE-SU-2017:3000-1 Security update for storm, storm-kit
This update for storm, storm-kit fixes the following issues: - Update storm to version 1.0.5 bsc1059463, CVE-2017-9799 - Update storm-kit to version 1.0.5 bsc1059463, CVE-2017-9799 - Initial package bsc1048688, fate323204...
A vulnerability in the initial loader of HTC devices running the Android operating system allows an attacker to escalate privileges.
The vulnerability in the initial loader on HTC Android devices stems from deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
CVE-2017-16228
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
UCOPIA Wireless Appliance Privilege Escalation Vulnerability
Exploit for the Linux platform in the category local exploits. CVE-2017-11322: UCOPIA Wireless Appliance 5.1.8 Privileges Escalation. Asset description: UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions...
CVE-2017-14748
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match...
CVE-2017-14176
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
CVE-2017-12976
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...
HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign
A wide variety of threat actors began distributing HawkEye malware through high-volume email campaigns after it became available for purchase via a public-facing website. The actors behind the phishing campaigns typically used email themes based on current events and media reports that would piqu...
PT-2017-3734 · Qemu +1 · Qemu +2
Name of the Vulnerable Software and Affected Versions: Qemu versions prior to 2.10.1; Qemu-NBD (affected versions not specified). Description: The issue is related to errors during connection establishment in the Qemu-NBD hardware emulator server. It can be exploited by a remote attacker to cause a...
CVE-2017-10974
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...
UBUNTU-CVE-2017-10974
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...
CVE-2017-7901
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series...